diff --git a/scm-core/src/main/java/sonia/scm/security/Tokens.java b/scm-core/src/main/java/sonia/scm/security/Tokens.java
index 97a9f29535..2c2eea727a 100644
--- a/scm-core/src/main/java/sonia/scm/security/Tokens.java
+++ b/scm-core/src/main/java/sonia/scm/security/Tokens.java
@@ -74,28 +74,7 @@ public final class Tokens
 public static AuthenticationToken createAuthenticationToken(
 HttpServletRequest request, String username, String password)
 {
- return createAuthenticationToken(request, username, password, false);
- }
-
- /**
- * Build an {@link AuthenticationToken} for use with
- * {@link Subject#login(org.apache.shiro.authc.AuthenticationToken)}.
- *
- *
- * @param request servlet request
- * @param username username of the user to authenticate
- * @param password password of the user to authenticate
- * @param rememberMe true to remember the user across sessions
- *
- * @return authentication token
- *
- * @since 1.31
- */
- public static AuthenticationToken createAuthenticationToken(
- HttpServletRequest request, String username, String password,
- boolean rememberMe)
- {
- return new UsernamePasswordToken(username, password, rememberMe,
+ return new UsernamePasswordToken(username, password,
 request.getRemoteAddr());
 }
 }
diff --git a/scm-webapp/src/main/java/sonia/scm/ScmSecurityModule.java b/scm-webapp/src/main/java/sonia/scm/ScmSecurityModule.java
index e50f56fd27..bd567e6b14 100644
--- a/scm-webapp/src/main/java/sonia/scm/ScmSecurityModule.java
+++ b/scm-webapp/src/main/java/sonia/scm/ScmSecurityModule.java
@@ -53,6 +53,8 @@ import static org.apache.shiro.guice.web.ShiroWebModule.ROLES;
 //~--- JDK imports ------------------------------------------------------------
 import javax.servlet.ServletContext;
+import org.apache.shiro.mgt.RememberMeManager;
+import sonia.scm.security.DisabledRememberMeManager;
 /**
 *
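Review bot: The four-argument `createAuthenticationToken(request, username, password, rememberMe)` overload removed in this hunk was public API of scm-core (its javadoc carries `@since 1.31`), so any plugin compiled against it stops linking with this build. If the break is intended for the 2.0.0 line it deserves a changelog entry; otherwise keep the overload, mark it `@Deprecated`, and let it delegate to the three-argument form while ignoring `rememberMe`: `@Deprecated public static AuthenticationToken createAuthenticationToken(HttpServletRequest request, String username, String password, boolean rememberMe) { return createAuthenticationToken(request, username, password); }`. The three-argument method that survives is otherwise unchanged in behaviour apart from no longer passing a remember-me flag.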
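Review bot: The two added imports in ScmSecurityModule sit under the `//~--- JDK imports` banner directly after `javax.servlet.ServletContext`, although neither `org.apache.shiro.mgt.RememberMeManager` nor `sonia.scm.security.DisabledRememberMeManager` is a JDK type. The file keeps a separate non-JDK section (the `ShiroWebModule.ROLES` static import in the hunk header is part of it, above this hunk), and that is where these two lines belong. It compiles either way, but the banner now misdescribes what follows it and the next formatter run will move the lines anyway.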
@@ -100,6 +102,9 @@ public class ScmSecurityModule extends ShiroWebModule
 // expose password service to global injector
 expose(PasswordService.class);
+
+ // disable remember me cookie generation
+ bind(RememberMeManager.class).to(DisabledRememberMeManager.class);
 // bind realm
 for (Class realm : extensionProcessor.byExtensionPoint(Realm.class))
diff --git a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
index af0754b4da..f9a95bf7ba 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AuthenticationResource.java
@@ -143,7 +143,6 @@ public class AuthenticationResource
 * @param response current http response
 * @param username the username for the authentication
 * @param password the password for the authentication
- * @param rememberMe true to remember the user across sessions
 * @param cookie create authentication token
 *
 * @return
@@ -155,8 +154,7 @@ public class AuthenticationResource
 @Context HttpServletResponse response,
 @FormParam("username") String username,
 @FormParam("password") String password, @FormParam("rememberMe")
- @DefaultValue("false") boolean rememberMe, @QueryParam(
- "cookie") boolean cookie)
+ @QueryParam("cookie") boolean cookie)
 {
 Preconditions.checkArgument(!Strings.isNullOrEmpty(username),
 "username parameter is required");
@@ -169,7 +167,7 @@ public class AuthenticationResource
 try
 {
 subject.login(Tokens.createAuthenticationToken(request, username,
- password, rememberMe));
+ password));
 User user = subject.getPrincipals().oneByType(User.class);
diff --git a/scm-webapp/src/main/java/sonia/scm/security/DisabledRememberMeManager.java b/scm-webapp/src/main/java/sonia/scm/security/DisabledRememberMeManager.java
new file mode 100644
index 0000000000..19e1cce33a
--- /dev/null
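Review bot: The new `bind(RememberMeManager.class).to(DisabledRememberMeManager.class)` stops the server from issuing remember-me cookies, but it does not remove cookies that earlier versions already placed in browsers: the bound implementation's `forgetIdentity` and `onLogout` no longer touch the cookie, so a stale `rememberMe` cookie is ignored on the server yet lingers on the client until it expires. That is acceptable behaviour, but the comment should say so, e.g. `// disable remember me cookie generation; cookies issued by older versions are ignored but not cleared`. The surrounding `configureShiroWeb`-style method starts before this hunk and continues after it, as far as the hunk shows.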
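Review bot: In the AuthenticationResource signature hunk (`@@ -155,8 +154,7 @@`) the context line `@FormParam("password") String password, @FormParam("rememberMe")` still carries the `@FormParam("rememberMe")` annotation that belonged to the removed parameter, so after this change it is attached to the next parameter together with `@QueryParam("cookie") boolean cookie`. A JAX-RS parameter with two injection annotations is not a valid resource method definition; depending on the runtime the resource is rejected at deployment or one annotation silently wins, and in the latter case the `cookie` flag would be read from the `rememberMe` form field rather than the query string. Change the context line to `@FormParam("password") String password,` so that the added line `@QueryParam("cookie") boolean cookie)` stands alone. The resource method's declaration begins before this hunk.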
+++ b/scm-webapp/src/main/java/sonia/scm/security/DisabledRememberMeManager.java 
@@ -0,0 +1,128 @@
+/**
+ * Copyright (c) 2014, Sebastian Sdorra All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer. 2. Redistributions in
+ * binary form must reproduce the above copyright notice, this list of
+ * conditions and the following disclaimer in the documentation and/or other
+ * materials provided with the distribution. 3. Neither the name of SCM-Manager;
+ * nor the names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * http://bitbucket.org/sdorra/scm-manager
+ *
+ */
+
+
+
+package sonia.scm.security;
+
+//~--- non-JDK imports --------------------------------------------------------
+
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.mgt.RememberMeManager;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.apache.shiro.subject.Subject;
+import org.apache.shiro.subject.SubjectContext;
+
+/**
+ * Remember me manager implementation which does nothing. The
+ * DisabledRememberMeManager is used to disable the cookie creation of the
+ * default {@link RememberMeManager}.
+ *
+ * @author Sebastian Sdorra
+ * @since 2.0.0
+ */
+public class DisabledRememberMeManager implements RememberMeManager
+{
+
+ /**
+ * The implementation does nothing.
+ *
+ *
+ * @param subjectContext subject context
+ */
+ @Override
+ public void forgetIdentity(SubjectContext subjectContext)
+ {
+
+ // do nothing
+ }
+
+ /**
+ * The implementation does nothing.
+ *
+ *
+ * @param subject subject
+ * @param token authentication token
+ * @param ae authentication exception
+ */
+ @Override
+ public void onFailedLogin(Subject subject, AuthenticationToken token,
+ AuthenticationException ae)
+ {
+
+ // do nothing
+ }
+
+ /**
+ * The implementation does nothing.
+ *
+ *
+ * @param subject subject
+ */
+ @Override
+ public void onLogout(Subject subject)
+ {
+ throw new UnsupportedOperationException("Not supported yet."); // To change body of generated methods, choose Tools | Templates.
+ }
+
+ /**
+ * The implementation does nothing.
+ *
+ *
+ * @param subject subject
+ * @param token authentication token
+ * @param info authentication info
+ */
+ @Override
+ public void onSuccessfulLogin(Subject subject, AuthenticationToken token,
+ AuthenticationInfo info)
+ {
+
+ // do nothing
+ }
+
+ //~--- get methods ----------------------------------------------------------
+
+ /**
+ * The implementation returns always {@code null}.
+ *
+ *
+ * @param subjectContext subject context
+ *
+ * @return always {@code null}
+ */
+ @Override
+ public PrincipalCollection getRememberedPrincipals(
+ SubjectContext subjectContext)
+ {
+ return null;
+ }
+}
diff --git a/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js b/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js
index a1c53f2fd4..74336ace21 100644
--- a/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js
+++ b/scm-webapp/src/main/webapp/resources/js/login/sonia.login.form.js
@@ -41,7 +41,6 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{
 failedDescriptionText: 'Incorrect username, password or not enough permission. Please Try again.',
 accountLockedText: 'Account is locked.',
 accountTemporaryLockedText: 'Account is temporary locked. Please try again later.',
- rememberMeText: 'Remember me',
 initComponent: function(){
 var buttons = [];
@@ -94,11 +93,6 @@ Sonia.login.Form = Ext.extend(Ext.FormPanel,{
 scope: this
 }
 }
- },{
- xtype: 'checkbox',
- fieldLabel: this.rememberMeText,
- name: 'rememberMe',
- inputValue: 'true'
 }],
 buttons: buttons
 };
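Review bot: `onLogout` in the new DisabledRememberMeManager throws `UnsupportedOperationException("Not supported yet.")` with the IDE template comment still attached, while its javadoc and the class description promise an implementation that does nothing, and the other four callbacks are genuine no-ops. Shiro's security manager invokes `onLogout` on every `Subject.logout()`; as far as I recall it wraps the call in a catch that only logs a warning, so this probably surfaces as a stack trace in the log on each logout rather than a failed logout, but either outcome is unwanted. Replace the body with `// do nothing` as in `forgetIdentity` and `onFailedLogin`, and delete the generated comment. It would also help a reader to note on `getRememberedPrincipals` that returning `null` is how the interface signals "no remembered identity", e.g. `@return always {@code null}, i.e. no remembered identity`.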